Visionaries of the past probably never predicted that the very tech supposed to make life easier would be used to steal identities, bypass consent to exploit someone’s privacy, or sell your personal information on the Dark Web, with the latter being especially distressing to everyone who has an account with Fortnite creator Epic Games.
As per recent reports, Epic Games has been allegedly struck with a ransomware attack by a group called Mogilevich, who have stolen close to 200GB of data that includes “email, passwords, full name, payment information, source code, and many other data,” as reported by Cyber Daily.
Mogilevich is not a new name in the dark world of hacking. In fact, the ransomware group has attracted a lot of attention in the last few days of February 2024, with alleged assertions of breaching Infiniti USA and Bazaarvoice. As far as Epic Games is concerned, the group has offered zero evidence backing the news that they have hacked the video game company but is reportedly seeking two routes — a ransom for the safe return of the stolen data or its purchase by a second interested party — with a deadline set for March 4, 2024.
It has also not been clarified whether the information stolen is of Epic Games customers or its employees or whether both sides should be worried about the breach equally.
But should we be scared that Epic Games’ data has been breached? Does your Epic Games account need a password reset?
Based on available evidence, the answer at the time of writing would be “No.”
For starters, Epic Games has finally addressed the news (via Eurogamer) and has established their current (and ongoing) investigation of the claim has coughed up “zero evidence” that the company’s servers have been compromised at all.
“[Ransomware group] Mogilievich has not contacted Epic or provided any proof of the veracity of these allegations. When we saw these allegations, which were a screenshot of a darkweb webpage in a Tweet from a third party, we began investigating within minutes and reached out to Mogilevich for proof. Mogilevich has not responded. The closest thing we have seen to a response is this Tweet, where they allegedly ask for $15k and ‘proof of funds’ to hand over the purported data.”
Also, when we mentioned the recent string of “attacks” by the hacking group above, we just didn’t mean them as examples — Mogilievich hasn’t offered any proof to back up their claims in any of them, which includes Ireland’s Department of Foreign Affairs (DFA). So far, they also haven’t found anything that would make the claim authentic.
Then there is the established fake claim by Stormous Ransomware back in 2022 that it had also breached Epic Games’ server and stolen — wait for it — nearly 200 gigabytes of data.
Given all the clues, this could very well be fake news or claims made just to attract attention. But it doesn’t dampen the severity of the fact that such ransomware attacks do happen for real, with the latest being the recent criminal cyberattack on Insomniac and the release of the stolen data online.